🟠 High | Source: Microsoft Security Response Center
CVE-2025-40168 is a Linux kernel vulnerability in the SMC (Shared Memory Communications) subsystem, specifically in how destination routing cache entries are accessed without proper RCU (Read-Copy-Update) locking in the smc_clc_prfx_match() function. This can lead to a use-after-free condition, potentially allowing an attacker to cause a system crash or execute arbitrary code. It matters because Azure Linux-based virtual machines and services relying on the SMC networking stack may be exposed if the underlying kernel is unpatched.
Security Architect’s Take: Ensure Azure Linux VMs and any Container/AKS node pools are running patched kernel versions that address this SMC subsystem flaw; review your patch management cadence for kernel-level CVEs and prioritise updates where SMC or RDMA networking features are enabled.
Original advisory: CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().